Please Scroll Down to See Forums Below 
Keptprivate? Cyber-rights? Hushmail?
If not Hotmail then what? What is the most safest free E-mail?
- Thread starter Smokescreen
- Start date
Cool! Thanks! So to hell with hushmail?
bicepts101
New member
Carth said:
hushmail is good to go
hush
elite(same as hush)
ziplip
cyber-rights
keptprivate
_Yossarian_
New member
using a hush based encryption system is the best way to go as there is more inter-compatability between service providers
hushmail,cyber-rights, elitefitness, and Hush?, are all compatible.
hushmail,cyber-rights, elitefitness, and Hush?, are all compatible.
C
Code
Guest
EF Stealth mail.
Hush, ziplip etc etc.
Basically, with *all* of these server-side encryption services they only encrypt when you send to other users of the *same* system.
If you have a solid network of people who require encryption, your safest bet is to go with PGP.
Hush, ziplip etc etc.
Basically, with *all* of these server-side encryption services they only encrypt when you send to other users of the *same* system.
If you have a solid network of people who require encryption, your safest bet is to go with PGP.
C
Code
Guest
googlepig said:
Aside from the fact that it's not encrypted, mail providers residing in the united states are more prone to hand over access to the account to the federal authorities than say one residing in Ireland or Sealand etc.
I'm going Hush than.
J
jerseymoves
Guest
Hush is easy and free
C
Code
Guest
They are not compatible, sending mail from EF Stealth to a Hush user or cyber-rights user means there is no encryption.
Are they the same encryption algorithm? Yes. But each system uses a different seed key, if they didn't someone at Hush could open and read ALL EF encrypted mail.
Are they the same encryption algorithm? Yes. But each system uses a different seed key, if they didn't someone at Hush could open and read ALL EF encrypted mail.
Yossarian2000 said:
boogersnax
New member
Cyber-rights.net uses the Hushmail encryption engine.
PEACE
PEACE
pharmadan
New member
Hushmail, cyber-rights, elitefitness, ziplip are all compatible. They all use PGP encryption, and as long as the public keys are available, they are compatible and secure. PGP providers are VERY secure (if you passphrase is secure). The advantage to PGP encryption is that if other eyes try to snoop into your mail, it is not "economical" to decrypt (again ... based on how secure your passphrase is). Not even the companies that host PGP based email can snoop. What I mean by "economical" is that the more secure your passphrase is (based on bits on entropy), the more expensive and time consuming it becomes for interested parties to crack the encryption. Read the diceware link below.
Keptprivate is NOT secure. Keptprivate does use SSL encryption from the email server to your desktop, which can inhibit packet sniffers, but the email can still be easily read from the server.
Assume any other email provider (yahoo, msn, hotmail) is NOT secure. BTW, operamail is NOT secure. If there is a link "Forgot your password?" anywhere, the system is NOT SECURE.
KEY THINGS TO REMEMBER
--------------------------
1. Do not accept unencrypted email (requires paid subscription with some providers).
2. Never send email unencrypted.
3. Your passphrase determines how strong the encryption REALLY is. http://world.std.com/~reinhold/diceware.html
4. Do not lose or forget your passphrase or you are screwed. It can not be recovered.
Basic PGP Information
http://www.pgpi.org/doc/pgpintro/
Keptprivate is NOT secure. Keptprivate does use SSL encryption from the email server to your desktop, which can inhibit packet sniffers, but the email can still be easily read from the server.
Assume any other email provider (yahoo, msn, hotmail) is NOT secure. BTW, operamail is NOT secure. If there is a link "Forgot your password?" anywhere, the system is NOT SECURE.
KEY THINGS TO REMEMBER
--------------------------
1. Do not accept unencrypted email (requires paid subscription with some providers).
2. Never send email unencrypted.
3. Your passphrase determines how strong the encryption REALLY is. http://world.std.com/~reinhold/diceware.html
4. Do not lose or forget your passphrase or you are screwed. It can not be recovered.
Basic PGP Information
http://www.pgpi.org/doc/pgpintro/
C
Code
Guest
The commercial sector has been stagnant re: encryption for over 20 years. DES was the de facto standard for over a decade. The US government, on the other hand, has not used DES in well over 18 years. This means they have a 20 year advantage on encrypting and decrypting your data. Only recently has NIST even bothered to nominate and choose a new Advanced Encryption Standard (blowfish). DES stood for far too long and was assumed secure for that entire time.
PGP 2048 has been broken with 50 re-designed atari chips (ascs) in under 20 minutes, it is very economical from a law enforcement stand-point. Total cost of the machine was under 10 grand.
Remember, encrption isn't about keeping your data secure. It's about keeping data secure for X amount of time, X is a variable which changes radically based on the algorithm used.
Your passphrase does not do anything for key generation. That takes place when they ask you to move your mouse around the little black square. A long passphrase simply means it's harder for someone to guess, or MITM attack your account.
You cannot sniff server based encrytped mail; mail sent from one Hush user to another never leaves the server. You *can* sniff the connection of the end-user checking the mail. But SSL/TLS is secure for one primary reason, by the time the SSL connections times out (or the user disconnects) is not nearly enough time it would take to crack the keys and inject or pull out packets. And SSL and TLS sessions are session-based keys, meaning you use different key-sets for each session. So the hacker would be starting from ground-zero with each session.
PGP 2048 has been broken with 50 re-designed atari chips (ascs) in under 20 minutes, it is very economical from a law enforcement stand-point. Total cost of the machine was under 10 grand.
Remember, encrption isn't about keeping your data secure. It's about keeping data secure for X amount of time, X is a variable which changes radically based on the algorithm used.
Your passphrase does not do anything for key generation. That takes place when they ask you to move your mouse around the little black square. A long passphrase simply means it's harder for someone to guess, or MITM attack your account.
You cannot sniff server based encrytped mail; mail sent from one Hush user to another never leaves the server. You *can* sniff the connection of the end-user checking the mail. But SSL/TLS is secure for one primary reason, by the time the SSL connections times out (or the user disconnects) is not nearly enough time it would take to crack the keys and inject or pull out packets. And SSL and TLS sessions are session-based keys, meaning you use different key-sets for each session. So the hacker would be starting from ground-zero with each session.
pharmadan said:
pharmadan
New member
PGP does not use DES. PGP is a hybrid cryptosystem. It is made up of 4 cryptographic elements: It contains a symmetric cipher (IDEA), an asymmetric cipher (RSA), a one-way hash (MD5), and a random number generator (Which is two-headed, actually: it samples entropy from the user and then uses that to seed a PRNG). Each is subject to a different form of attack.
http://axion.physics.ubc.ca/pgp-attack.html
We both have done some homework and this thread is actually mentally stimulating. Maybe it should be moved to the chat board though.
http://axion.physics.ubc.ca/pgp-attack.html
Don't believe it. I have Googled "atari pgp" and found nothing. Please post a credible reference and I will not doubt you no more.Code said:
Never said it did. When referring to bits of entropy, it applies only to a brute force crack. You are correct here.Code said:
Never said you could.Code said:
We both have done some homework and this thread is actually mentally stimulating. Maybe it should be moved to the chat board though.
